Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.
Follow us on X
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
Unicode surrogates conversion
Prompt. Scan. Exploit
Breaking into thousands of cloud based VPNs with 1 bug
Examining Access Control Vulnerabilities in GraphQL
Smart Bus Smart Hacking
Passkeys Pwned
Bypassing Intent Destination Checks
Gemini Agents in Google Calendar
Exploitation of DOM Clobbering Vuln at Scale
TheHulk
Smart Devices, Dumb Resets
Mac PRT Cookie Theft
====== Timestamps ======
(00:00:00) Introduction
(00:10:10) Prompt. Scan. Exploit
(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug
(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned
(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents
(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets
